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DETAILED ACTION 

1 . Claims 1-4, 6, 8-20, 23, 25, and 26 are pending. 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
06/17/2008 has been entered. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 9-1 9, and 23 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Squier et al. (US 71 881 81 ) in view of Sampson et al. (US 6339423). 

As per claims 9-1 3, 1 7, and 23, Squier et al. discloses inputting at a first system 
that grants session credentials based on successful authentication, a request from a 
client to access a protected resource on the first system, the protected resource on the 
first system being accessible by the client only after successful authentication of the 
client at the first system (see column 5 lines 54-63); determining at the first system that 
a client does not have a valid session credential granted by the first system (see column 
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5 line 64 through column 6 line 4); retrieving, at the first system, information from a 
session token held by the client, the information being retrieved from the client, the 
information corresponding to a session credential for the second system, the second 
system grants session credentials based on successful authentication at the second 
system and includes protected resources on the second system that is accessible by 
the client, the protected resource on the second system being accessible by the client 
only after successful authentication of the client at the second system (see column 6 
lines 4-15) the first system presenting at least some of the information from the session 
token to the second system; the first system inputting a determination from the second 
system that the client has a valid session credential with the second system; and the 
first system effecting successful authentication to the client so as to grant access to the 
protected resource on the first system, to the client based on the determination from the 
second system that the client has a valid session credential with the second system 
(see column 6 line 41 through column 7 line 5 see also figure 2) the first system 
inputting information from the second system and in response the first system outputting 
to the second system a determination that the first system has a valid session credential 
for the client at the first system; and the second system effecting successful 
authentication so as to grant access to the further protected resource on the second 
system to the client based on the determination from the first system that the client has 
a valid session credential with the first system (see column 6 lines 41-56 and column 8 
lines 29-63 and column 9 lines 2-4). 
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Squier et al. discloses that the request and session information are sent at the 
same time (see column 5 lines 54-63), therefore fails to disclose the session information 
is retrieved from the client after determining that the client does not have valid session 
credentials. 

However, Sampson et al. teaches sending a request to a server and the server 
determining that the client doesn't have valid session credentials and requesting a 
session token from the client (see column 3 lines 34-43 where the data transmitted to 
the browser to go to the first server is a request to get a session token, i.e. cookies). 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to request the client of Squier et al. to send a session token when it is 
determined that the client doesn't have valid session credentials. 

Motivation to do so would have been to allow a user to obtain credentials to 
access a server when the user did not originally have the credentials (see Sampson et 
al. column 3 lines 34-43). 

As per claim 14, the modified Squier et al. and Sampson et al. system discloses 
granting a session credential to the client by the first system, after determining that the 
client has a valid session credential granted by the second system (see Squier et al. 
column 6 lines 57-62). 

As per claim 15, the modified Squier et al. and Sampson et al. system discloses 
maintaining the client session credential granted by the second system (see Squier et 
al. column 6 lies 57-64). 
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As per claims 16 and 19, the modified Squier et al. and Sampson et al. system 
discloses associating session credentials for the first system and the second system 
with the client (see Squier et al. column 6 lines 57-64). 

As per claim 18, the modified Squier et al. and Sampson et al. system discloses 
granting the client session credentials for the first system (see Squier et al. column 6 
lines 57-64). 

5. Claims 1-4, 6, 8 and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over the modified Squier et al. and Sampson et al. system in view of 
Howard etal. (US 6584505). 

As per claims 1 and 20, the modified Squier et al. and Sampson et al. system 
discloses inputting at a first system that grants session credentials based on successful 
authentication, a request from a client to access a protected resource on the first 
system, the protected resource on the first system being accessible by the client only 
after successful authentication of the client at the first system (see Squier et al. column 

5 lines 54-63); determining at the first system that a client does not have a valid session 
credential granted by the first system (see Squier et al. column 5 line 64 through column 

6 line 4 and Sampson et al. column 3 lines 34-43); after the determining retrieving, at 
the first system, information from a session token held by the client, the information 
being retrieved from the client, the information corresponding to a session credential for 
the second system, the second system grants session credentials based on successful 
authentication at the second system and includes protected resources on the second 
system that is accessible by the client, the protected resource on the second system 
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being accessible by the client only after successful authentication of the client at the 
second system (see Squier et al. column 6 lines 4-15 and Sampson et al. column 3 
lines 34-43) the first system presenting at least some of the information from the 
session token to the second system; the first system inputting a determination from the 
second system that the client has a valid session credential with the second system; 
and the first system effecting successful authentication to the client so as to grant 
access to the protected resource on the first system, to the client based on the 
determination from the second system that the client has a valid session credential with 
the second system (see Squier et al. column 6 line 41 through column 7 line 5 see also 
figure 2). 

The modified Squier et al. and Sampson et al. system fails to discloses directing 
the client to the first system to establish a session credential based on successful 
authentication at the first system, after determining that the client does not have a valid 
session credential granted by the second system. 

However, Howard et al. teaches such redirection (see column 6 lines 51-52 and 
column 8 lines 54-57). 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to redirect the client to a different server upon failed authentication. 

Motivation to do so would have been to allow the user to authenticate to a known 
server (see Howard et al. column 7 lines 52-65). 

As per claim 2, the modified Squier et al., Sampson et al. and Howard et al. 
system discloses granting a session credential to the client by the first system, after 
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determining that the client has a valid session credential granted by the second system 
(see Squier et al. column 6 lines 57-62). 

As per claim 3, the modified Squier et al., Sampson et al. and Howard et al. 
system discloses sending a session token to the client, the token corresponding to a 
session credential granted by the first system (see Squier et al. column 6 lines 57-62). 

As per claim 4, the modified Squier et al., Sampson et al. and Howard et al. 
system discloses a method comprising directing the client to the second system to 
establish a session credential based on successful authentication at the second system, 
after determining that the client does not have a valid session credential granted by the 
second system (see Squier et al. column 6 lines 30-40). 

As per claim 6, the modified Squier et al., Sampson et al. and Howard et al. 
system discloses maintaining the client session credential granted by the second 
system (see Squier et al. column 6 lies 57-64). 

As per claim 8, the modified Squier et al., Sampson et al. and Howard et al. 
system discloses retrieving information from the session token held by the client 
comprises: sending a query to the client from the first system, the query including 
identification as originating from a domain name corresponding to the second system; 
and receiving a response to the query (see Howard column 8, lines 8-11). 
6. Claims 25 and 26 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over the modified Squier et al. and Sampson et al. system as applied to claim 23 above, 
and further in view of Marks et al. (US 20010054059). 
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As per claims 25 and 26 the modified Squier et al. and Sampson et al. system 
fails to disclose that the protected resource is pay-per-use or subscription content. 

However, Marks et al. teaches content of this type (see paragraph [0028]). 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to protect pay-per-use and subscription content using the modified Squier 
et al. and Sampson et al. system. 

Motivation to do so would have been that this type of content costs money and 
protecting them prevents free use of the content. 

Response to Arguments 

7. Applicant's arguments with respect to claims 1-4, 6, 8-20, 23, 25, and 26 have 
been considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Buckland, Kalpio, Omshehe, and Kou teach methods of retrieving 
session information. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL PYZOCHA whose telephone number is 
(571)272-3875. The examiner can normally be reached on Monday-Thursday, 7:00am - 
4:30pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Michael Pyzocha/ 
Examiner, Art Unit 2137 



